CVE-2023-25216 in AC5
Summary
by MITRE • 04/07/2023
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 10/29/2025
The vulnerability identified as CVE-2023-25216 represents a critical stack overflow flaw within the Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 firmware version. This issue resides in the formSetFirewallCfg function which processes firewall configuration parameters, making it a prime target for exploitation by malicious actors seeking to compromise network security devices. The stack overflow vulnerability occurs when the firmware fails to properly validate input parameters passed to this specific function, creating an opportunity for attackers to manipulate memory allocation patterns and potentially execute arbitrary code on the affected device.
The technical exploitation of this vulnerability follows established patterns documented in CWE-121 Stack-based Buffer Overflow, where insufficient bounds checking allows attackers to overwrite adjacent memory locations on the stack. This particular implementation flaw enables remote code execution or denial of service conditions when crafted payloads are submitted through the firewall configuration interface. The vulnerability is particularly concerning because it affects a wireless router model that likely serves as a primary network gateway for residential and small office environments, making it a valuable target for attackers seeking persistent access to network infrastructure.
From an operational perspective, this vulnerability creates significant risk for organizations and individuals relying on Tenda AC5 devices for network connectivity. The ability to achieve remote code execution means that attackers could potentially gain full administrative control over the device, enabling them to modify firewall rules, redirect traffic, install malicious software, or use the device as a pivot point for attacks on internal networks. The denial of service component further compounds the risk by potentially disrupting network connectivity for legitimate users, which aligns with ATT&CK technique T1499.004 Network Denial of Service and T1071.004 Application Layer Protocol.
The exploitation of this vulnerability requires minimal privileges and can be accomplished through web-based interfaces, making it particularly dangerous as it does not require physical access or specialized tools. Security researchers have noted that such stack overflow vulnerabilities often persist across firmware versions, suggesting that similar flaws may exist in other Tenda router models or firmware components. Network administrators should consider implementing network segmentation and monitoring for unusual traffic patterns that might indicate exploitation attempts, while also ensuring that all network devices receive timely firmware updates from manufacturers.
Mitigation strategies should focus on immediate firmware updates from Tenda if available, network monitoring for suspicious configuration changes, and implementing network access controls that limit exposure to this vulnerability. The vulnerability demonstrates the importance of proper input validation and memory management in embedded systems, with implications for the broader IoT security landscape where similar flaws have been identified in numerous network device manufacturers. Organizations should also consider implementing intrusion detection systems that can identify attempts to exploit known stack overflow vulnerabilities in network infrastructure devices.